pymisp 2.5.7__py3-none-any.whl → 2.5.8__py3-none-any.whl


Potentially problematic release.


This version of pymisp might be problematic.

Files changed (135)
  1. pymisp/api.py +1 -0
  2. pymisp/data/misp-objects/objects/rmm/definition.json +1 -1
  3. {pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/METADATA +4 -4
  4. {pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/RECORD +6 -135
  5. CHANGELOG.txt +0 -5380
  6. examples/__init__.py +0 -0
  7. examples/add_attributes_from_csv.py +0 -74
  8. examples/add_email_object.py +0 -29
  9. examples/add_fail2ban_object.py +0 -86
  10. examples/add_feed.py +0 -25
  11. examples/add_file_object.py +0 -47
  12. examples/add_filetype_object_from_csv.py +0 -53
  13. examples/add_generic_object.py +0 -26
  14. examples/add_github_user.py +0 -65
  15. examples/add_gitlab_user.py +0 -56
  16. examples/add_named_attribute.py +0 -25
  17. examples/add_organisations.py +0 -57
  18. examples/add_ssh_authorized_keys.py +0 -29
  19. examples/add_user.py +0 -22
  20. examples/add_vehicle_object.py +0 -22
  21. examples/addtag2.py +0 -45
  22. examples/asciidoc_generator.py +0 -114
  23. examples/cache_all.py +0 -10
  24. examples/copyTagsFromAttributesToEvent.py +0 -68
  25. examples/copy_list.py +0 -93
  26. examples/create_events.py +0 -26
  27. examples/cytomic_orion.py +0 -549
  28. examples/del.py +0 -22
  29. examples/delete_user.py +0 -16
  30. examples/edit_organisation.py +0 -20
  31. examples/edit_user.py +0 -20
  32. examples/falsepositive_disabletoids.py +0 -136
  33. examples/fetch_events_feed.py +0 -15
  34. examples/fetch_warninglist_hits.py +0 -38
  35. examples/freetext.py +0 -22
  36. examples/generate_file_objects.py +0 -78
  37. examples/generate_meta_feed.py +0 -15
  38. examples/get.py +0 -37
  39. examples/get_csv.py +0 -37
  40. examples/get_network_activity.py +0 -187
  41. examples/last.py +0 -48
  42. examples/load_csv.py +0 -94
  43. examples/lookup.py +0 -28
  44. examples/misp2cef.py +0 -71
  45. examples/misp2clamav.py +0 -52
  46. examples/openioc_to_misp.py +0 -27
  47. examples/proofpoint_tap.py +0 -203
  48. examples/proofpoint_vap.py +0 -65
  49. examples/search.py +0 -48
  50. examples/search_attributes_yara.py +0 -40
  51. examples/search_sighting.py +0 -42
  52. examples/server_sync_check_conn.py +0 -32
  53. examples/sharing_groups.py +0 -15
  54. examples/show_sightings.py +0 -168
  55. examples/stats_report.py +0 -405
  56. examples/sync_sighting.py +0 -171
  57. examples/tags.py +0 -25
  58. examples/test_sign.py +0 -19
  59. examples/trustar_misp.py +0 -59
  60. examples/up.py +0 -21
  61. examples/upload.py +0 -60
  62. examples/users_list.py +0 -15
  63. examples/vmray_automation.py +0 -281
  64. examples/vt_to_misp.py +0 -182
  65. examples/warninglists.py +0 -22
  66. examples/yara.py +0 -38
  67. examples/yara_dump.py +0 -98
  68. tests/57c4445b-c548-4654-af0b-4be3950d210f.json +0 -1
  69. tests/__init__.py +0 -0
  70. tests/csv_testfiles/invalid_fieldnames.csv +0 -11
  71. tests/csv_testfiles/valid_fieldnames.csv +0 -4
  72. tests/email_testfiles/mail_1.eml.zip +0 -0
  73. tests/email_testfiles/mail_1.msg +0 -0
  74. tests/email_testfiles/mail_1_bom.eml +0 -858
  75. tests/email_testfiles/mail_1_headers_only.eml +0 -28
  76. tests/email_testfiles/mail_2.eml +0 -32
  77. tests/email_testfiles/mail_3.eml +0 -170
  78. tests/email_testfiles/mail_3.msg +0 -0
  79. tests/email_testfiles/mail_4.msg +0 -0
  80. tests/email_testfiles/mail_5.msg +0 -0
  81. tests/email_testfiles/mail_multiple_to.eml +0 -15
  82. tests/email_testfiles/source +0 -1
  83. tests/git-vuln-finder-quagga.json +0 -1493
  84. tests/misp_event.json +0 -76
  85. tests/mispevent_testfiles/attribute.json +0 -21
  86. tests/mispevent_testfiles/attribute_del.json +0 -23
  87. tests/mispevent_testfiles/def_param.json +0 -53
  88. tests/mispevent_testfiles/event.json +0 -8
  89. tests/mispevent_testfiles/event_obj_attr_tag.json +0 -57
  90. tests/mispevent_testfiles/event_obj_def_param.json +0 -62
  91. tests/mispevent_testfiles/event_obj_tag.json +0 -29
  92. tests/mispevent_testfiles/event_tags.json +0 -18
  93. tests/mispevent_testfiles/existing_event.json +0 -4599
  94. tests/mispevent_testfiles/existing_event_edited.json +0 -4601
  95. tests/mispevent_testfiles/galaxy.json +0 -25
  96. tests/mispevent_testfiles/malware.json +0 -19
  97. tests/mispevent_testfiles/malware_exist.json +0 -163
  98. tests/mispevent_testfiles/misp_custom_obj.json +0 -38
  99. tests/mispevent_testfiles/overwrite_file/definition.json +0 -457
  100. tests/mispevent_testfiles/proposals.json +0 -35
  101. tests/mispevent_testfiles/shadow.json +0 -148
  102. tests/mispevent_testfiles/sighting.json +0 -5
  103. tests/mispevent_testfiles/simple.json +0 -2
  104. tests/mispevent_testfiles/test_object_template/definition.json +0 -29
  105. tests/new_misp_event.json +0 -34
  106. tests/reportlab_testfiles/HTML_event.json +0 -1
  107. tests/reportlab_testfiles/galaxy_1.json +0 -1250
  108. tests/reportlab_testfiles/image_event.json +0 -2490
  109. tests/reportlab_testfiles/japanese_test.json +0 -156
  110. tests/reportlab_testfiles/japanese_test_heavy.json +0 -318
  111. tests/reportlab_testfiles/long_event.json +0 -3730
  112. tests/reportlab_testfiles/mainly_objects_1.json +0 -1092
  113. tests/reportlab_testfiles/mainly_objects_2.json +0 -977
  114. tests/reportlab_testfiles/sighting_1.json +0 -305
  115. tests/reportlab_testfiles/sighting_2.json +0 -221
  116. tests/reportlab_testfiles/to_delete1.json +0 -804
  117. tests/reportlab_testfiles/to_delete2.json +0 -1
  118. tests/reportlab_testfiles/to_delete3.json +0 -1
  119. tests/reportlab_testfiles/very_long_event.json +0 -1006
  120. tests/reportlab_testoutputs/to_delete1.json.pdf +0 -391
  121. tests/reportlab_testoutputs/to_delete2.json.pdf +0 -506
  122. tests/reportlab_testoutputs/to_delete3.json.pdf +0 -277
  123. tests/search_index_result.json +0 -69
  124. tests/sharing_groups.json +0 -98
  125. tests/stix1.xml-utf8 +0 -110
  126. tests/stix2.json +0 -1
  127. tests/test_analyst_data.py +0 -123
  128. tests/test_emailobject.py +0 -157
  129. tests/test_fileobject.py +0 -20
  130. tests/test_mispevent.py +0 -473
  131. tests/test_reportlab.py +0 -431
  132. tests/testlive_comprehensive.py +0 -3734
  133. tests/testlive_sync.py +0 -474
  134. {pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/LICENSE +0 -0
  135. {pymisp-2.5.7.dist-info → pymisp-2.5.8.dist-info}/WHEEL +0 -0
@@ -1,804 +0,0 @@
1
- {
2
- "Event": {
3
- "info": "OSINT - New Malware with Ties to SunOrcal Discovered",
4
- "publish_timestamp": "1518455494",
5
- "timestamp": "1510922435",
6
- "analysis": "2",
7
- "Attribute": [
8
- {
9
- "comment": "",
10
- "category": "External analysis",
11
- "uuid": "5a0a9ade-3b60-4fbb-87d2-4628950d210f",
12
- "timestamp": "1510922426",
13
- "to_ids": false,
14
- "value": "https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/",
15
- "Tag": [
16
- {
17
- "colour": "#00223b",
18
- "exportable": true,
19
- "name": "osint:source-type=\"blog-post\""
20
- }
21
- ],
22
- "object_relation": null,
23
- "type": "link"
24
- },
25
- {
26
- "comment": "",
27
- "category": "External analysis",
28
- "uuid": "5a0a9af4-0d1c-4ae0-8903-45c4950d210f",
29
- "timestamp": "1510922426",
30
- "to_ids": false,
31
- "value": "Unit 42 has discovered a new malware family we\u2019ve named \u201cReaver\u201d with ties to attackers who use SunOrcal malware. SunOrcal activity has been documented to at least 2013, and based on metadata surrounding some of the C2s, may have been active as early as 2010. The new family appears to have been in the wild since late 2016 and to date we have only identified 10 unique samples, indicating it may be sparingly used. Reaver is also somewhat unique in the fact that its final payload is in the form of a Control panel item, or CPL file. To date, only 0.006% of all malware seen by Palo Alto Networks employs this technique, indicating that it is in fact fairly rare.",
32
- "Tag": [
33
- {
34
- "colour": "#00223b",
35
- "exportable": true,
36
- "name": "osint:source-type=\"blog-post\""
37
- }
38
- ],
39
- "object_relation": null,
40
- "type": "comment"
41
- },
42
- {
43
- "comment": "",
44
- "category": "Persistence mechanism",
45
- "uuid": "5a0a9d47-1c7c-4353-8523-440b950d210f",
46
- "timestamp": "1510922426",
47
- "to_ids": false,
48
- "value": "%COMMONPROGRAMFILES%\\services\\",
49
- "object_relation": null,
50
- "type": "regkey"
51
- },
52
- {
53
- "comment": "",
54
- "category": "Persistence mechanism",
55
- "uuid": "5a0a9d47-808c-4833-b739-43bf950d210f",
56
- "timestamp": "1510922426",
57
- "to_ids": false,
58
- "value": "%APPDATA%\\microsoft\\mmc\\",
59
- "object_relation": null,
60
- "type": "regkey"
61
- },
62
- {
63
- "comment": "",
64
- "category": "Persistence mechanism",
65
- "uuid": "5a0a9d47-91e0-4fea-8a8d-48ce950d210f",
66
- "timestamp": "1510922426",
67
- "to_ids": false,
68
- "value": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Common Startup",
69
- "object_relation": null,
70
- "type": "regkey"
71
- },
72
- {
73
- "comment": "",
74
- "category": "Persistence mechanism",
75
- "uuid": "5a0a9d47-0d2c-4f98-9913-4ea3950d210f",
76
- "timestamp": "1510922426",
77
- "to_ids": false,
78
- "value": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Startup",
79
- "object_relation": null,
80
- "type": "regkey"
81
- },
82
- {
83
- "comment": "",
84
- "category": "Payload delivery",
85
- "uuid": "5a0a9d47-a0a4-4f6b-bd53-42b4950d210f",
86
- "timestamp": "1510922426",
87
- "to_ids": true,
88
- "value": "\u2018%TEMP%\\~WUpdate.lnk",
89
- "object_relation": null,
90
- "type": "filename"
91
- },
92
- {
93
- "comment": "",
94
- "category": "Payload delivery",
95
- "uuid": "5a0a9d96-48d4-4538-b643-4c26950d210f",
96
- "timestamp": "1510922426",
97
- "to_ids": true,
98
- "value": "%TEMP%\\~Update.lnk",
99
- "object_relation": null,
100
- "type": "filename"
101
- },
102
- {
103
- "comment": "",
104
- "category": "Persistence mechanism",
105
- "uuid": "5a0a9d96-d87c-4b6f-b3a6-4eea950d210f",
106
- "timestamp": "1510922426",
107
- "to_ids": false,
108
- "value": "%APPDATA%\\microsoft\\credentials\\",
109
- "object_relation": null,
110
- "type": "regkey"
111
- },
112
- {
113
- "comment": "",
114
- "category": "Payload delivery",
115
- "uuid": "5a0a9d96-83dc-4a40-90fe-46d9950d210f",
116
- "timestamp": "1510922426",
117
- "to_ids": true,
118
- "value": "%TEMP%\\winhelp.dat",
119
- "object_relation": null,
120
- "type": "filename"
121
- },
122
- {
123
- "comment": "",
124
- "category": "Payload delivery",
125
- "uuid": "5a0a9d96-cc18-491c-b16b-4ffe950d210f",
126
- "timestamp": "1510922426",
127
- "to_ids": true,
128
- "value": "[path_previously_identified]\\winhelp.cpl",
129
- "object_relation": null,
130
- "type": "filename"
131
- },
132
- {
133
- "comment": "C2",
134
- "category": "Network activity",
135
- "uuid": "5a0a9e4c-1c14-49c0-bee2-4f7d950d210f",
136
- "timestamp": "1510922426",
137
- "to_ids": true,
138
- "value": "www.fyoutside.com",
139
- "object_relation": null,
140
- "type": "hostname"
141
- },
142
- {
143
- "comment": "C2",
144
- "category": "Network activity",
145
- "uuid": "5a0a9e4c-ab08-47f8-991f-471c950d210f",
146
- "timestamp": "1510922426",
147
- "to_ids": true,
148
- "value": "www.tashdqdxp.com",
149
- "object_relation": null,
150
- "type": "hostname"
151
- },
152
- {
153
- "comment": "C2",
154
- "category": "Network activity",
155
- "uuid": "5a0a9e4c-8ba4-43d7-a8e3-4b52950d210f",
156
- "timestamp": "1510922426",
157
- "to_ids": true,
158
- "value": "www.weryhstui.com",
159
- "object_relation": null,
160
- "type": "hostname"
161
- },
162
- {
163
- "comment": "",
164
- "category": "Network activity",
165
- "uuid": "5a0a9e4c-bcf8-42ac-86dc-48b0950d210f",
166
- "timestamp": "1510922426",
167
- "to_ids": true,
168
- "value": "98.126.156.210",
169
- "object_relation": null,
170
- "type": "ip-dst"
171
- },
172
- {
173
- "comment": "C2",
174
- "category": "Network activity",
175
- "uuid": "5a0a9e4c-9440-40fa-ac80-4320950d210f",
176
- "timestamp": "1510922426",
177
- "to_ids": true,
178
- "value": "www.olinaodi.com",
179
- "object_relation": null,
180
- "type": "hostname"
181
- },
182
- {
183
- "comment": "Reaver.v1",
184
- "category": "Payload delivery",
185
- "uuid": "5a0a9eae-a23c-4b65-b46b-4683950d210f",
186
- "timestamp": "1510922427",
187
- "to_ids": true,
188
- "value": "d560f44188fb56d3abb11d9508e1167329470de19b811163eb1167534722e666",
189
- "object_relation": null,
190
- "type": "sha256"
191
- },
192
- {
193
- "comment": "Reaver.v2",
194
- "category": "Payload delivery",
195
- "uuid": "5a0a9eae-5e1c-411a-b1ba-49ac950d210f",
196
- "timestamp": "1510922427",
197
- "to_ids": true,
198
- "value": "98eb5465c6330b9b49df2e7c9ad0b1164aa5b35423d9e80495a178eb510cdc1c",
199
- "object_relation": null,
200
- "type": "sha256"
201
- },
202
- {
203
- "comment": "Reaver.v2",
204
- "category": "Payload delivery",
205
- "uuid": "5a0a9eae-ccf0-4390-bcde-43bd950d210f",
206
- "timestamp": "1510922427",
207
- "to_ids": true,
208
- "value": "05ddbd0506ec95fb460b3994e5b21cdb0418ba4aa406374ca1b91249349b7640",
209
- "object_relation": null,
210
- "type": "sha256"
211
- },
212
- {
213
- "comment": "Reaver.v3",
214
- "category": "Payload delivery",
215
- "uuid": "5a0a9eae-3ef4-42d5-baca-44c4950d210f",
216
- "timestamp": "1510922427",
217
- "to_ids": true,
218
- "value": "18ac3b14300ecfeed4b64a844c16dccb06b0e3513d0954d6c6182f2ea14e4c92",
219
- "object_relation": null,
220
- "type": "sha256"
221
- },
222
- {
223
- "comment": "Reaver.v3",
224
- "category": "Payload delivery",
225
- "uuid": "5a0a9eae-8cc8-4bbd-adec-4e38950d210f",
226
- "timestamp": "1510922427",
227
- "to_ids": true,
228
- "value": "c0f8bb77284b96e07cab1c3fab8800b1bbd030720c74628c4ee5666694ef903d",
229
- "object_relation": null,
230
- "type": "sha256"
231
- },
232
- {
233
- "comment": "Reaver.v3",
234
- "category": "Payload delivery",
235
- "uuid": "5a0a9eae-486c-4820-b2b3-4bf0950d210f",
236
- "timestamp": "1510922427",
237
- "to_ids": true,
238
- "value": "9213f70bce491991c4cbbbd7dc3e67d3a3d535b965d7064973b35c50f265e59b",
239
- "object_relation": null,
240
- "type": "sha256"
241
- },
242
- {
243
- "comment": "Reaver.v3",
244
- "category": "Payload delivery",
245
- "uuid": "5a0a9eae-bef4-4696-a1ab-4c83950d210f",
246
- "timestamp": "1510922427",
247
- "to_ids": true,
248
- "value": "26c234c73e2c3448589c7d4a0cf17f615ad3666541a4e611e2d8b77637205bcf",
249
- "object_relation": null,
250
- "type": "sha256"
251
- },
252
- {
253
- "comment": "Reaver.v3",
254
- "category": "Payload delivery",
255
- "uuid": "5a0a9eae-7560-4794-90d1-4f4d950d210f",
256
- "timestamp": "1510922427",
257
- "to_ids": true,
258
- "value": "ae9f158e4886cfdbfb4f1b3b25707d05f6fd873d0be9d8e7334a2c28741228ee",
259
- "object_relation": null,
260
- "type": "sha256"
261
- },
262
- {
263
- "comment": "Reaver.v3",
264
- "category": "Payload delivery",
265
- "uuid": "5a0a9eae-d3c4-4809-aea5-435c950d210f",
266
- "timestamp": "1510922427",
267
- "to_ids": true,
268
- "value": "1fcda755e8fa23d27329e4bc0443a82e1c1e9a6c1691639db256a187365e4db1",
269
- "object_relation": null,
270
- "type": "sha256"
271
- },
272
- {
273
- "comment": "Reaver.v3",
274
- "category": "Payload delivery",
275
- "uuid": "5a0a9eae-a5dc-43ab-9158-451c950d210f",
276
- "timestamp": "1510922427",
277
- "to_ids": true,
278
- "value": "c906250e0a4c457663e37119ebe1efa1e4b97eef1d975f383ac3243f9f09908c",
279
- "object_relation": null,
280
- "type": "sha256"
281
- },
282
- {
283
- "comment": "Reaver.v3",
284
- "category": "Payload delivery",
285
- "uuid": "5a0a9eae-1d70-4f14-b316-4ce4950d210f",
286
- "timestamp": "1510922427",
287
- "to_ids": true,
288
- "value": "1813f10bcf74beb582c824c64fff63cb150d178bef93af81d875ca84214307a1",
289
- "object_relation": null,
290
- "type": "sha256"
291
- },
292
- {
293
- "comment": "SunOrcal",
294
- "category": "Payload delivery",
295
- "uuid": "5a0a9eae-7674-4a3f-a595-4006950d210f",
296
- "timestamp": "1510922427",
297
- "to_ids": true,
298
- "value": "799139b5278dc2ac24279cc6c3db44f4ef0ea78ee7b721b0ace38fd8018c51ac",
299
- "object_relation": null,
300
- "type": "sha256"
301
- },
302
- {
303
- "comment": "SunOrcal",
304
- "category": "Payload delivery",
305
- "uuid": "5a0a9eae-4a58-4535-9998-49b7950d210f",
306
- "timestamp": "1510922427",
307
- "to_ids": true,
308
- "value": "81d887fefdbb0219647991c2b7bddf45c2fede4dc6fc18408f1706e0279615b2",
309
- "object_relation": null,
310
- "type": "sha256"
311
- },
312
- {
313
- "comment": "SunOrcal",
314
- "category": "Payload delivery",
315
- "uuid": "5a0a9eae-6ae4-41a1-8402-4328950d210f",
316
- "timestamp": "1510922427",
317
- "to_ids": true,
318
- "value": "58312fb742ce881e040e1b5b8555f00a402b8dd4fc886acaae2f862040b3bfc5",
319
- "object_relation": null,
320
- "type": "sha256"
321
- },
322
- {
323
- "comment": "SunOrcal",
324
- "category": "Payload delivery",
325
- "uuid": "5a0a9eae-6edc-4177-afd5-4c93950d210f",
326
- "timestamp": "1510922427",
327
- "to_ids": true,
328
- "value": "38ea33dab0ba2edd16ecd98cba161c550d1036b253c8666c4110d198948329fb",
329
- "object_relation": null,
330
- "type": "sha256"
331
- },
332
- {
333
- "comment": "SunOrcal",
334
- "category": "Payload delivery",
335
- "uuid": "5a0a9eae-8388-4e7f-ab5b-4e95950d210f",
336
- "timestamp": "1510922427",
337
- "to_ids": true,
338
- "value": "cb7c0cf1750baaa11783e93369230ee666b9f3da7298e4d1bb9a07af6a439f2f",
339
- "object_relation": null,
340
- "type": "sha256"
341
- },
342
- {
343
- "comment": "C2",
344
- "category": "Network activity",
345
- "uuid": "5a0a9efc-6604-4cd9-acbb-4632950d210f",
346
- "timestamp": "1510922427",
347
- "to_ids": true,
348
- "value": "104.148.70.217",
349
- "object_relation": null,
350
- "type": "ip-dst"
351
- },
352
- {
353
- "comment": "SunOrcal - Xchecked via VT: cb7c0cf1750baaa11783e93369230ee666b9f3da7298e4d1bb9a07af6a439f2f",
354
- "category": "Payload delivery",
355
- "uuid": "5a0ed8bb-5df0-47a8-9785-44a702de0b81",
356
- "timestamp": "1510922427",
357
- "to_ids": true,
358
- "value": "da7a5e54d1d45462bda65807c1ef03ee34b7e777",
359
- "object_relation": null,
360
- "type": "sha1"
361
- },
362
- {
363
- "comment": "SunOrcal - Xchecked via VT: cb7c0cf1750baaa11783e93369230ee666b9f3da7298e4d1bb9a07af6a439f2f",
364
- "category": "Payload delivery",
365
- "uuid": "5a0ed8bb-f580-4b51-a866-482602de0b81",
366
- "timestamp": "1510922427",
367
- "to_ids": true,
368
- "value": "7dcf79a66192e88b92ccc12810e61329",
369
- "object_relation": null,
370
- "type": "md5"
371
- },
372
- {
373
- "comment": "SunOrcal - Xchecked via VT: cb7c0cf1750baaa11783e93369230ee666b9f3da7298e4d1bb9a07af6a439f2f",
374
- "category": "External analysis",
375
- "uuid": "5a0ed8bb-8a94-47be-9f1e-463f02de0b81",
376
- "timestamp": "1510922427",
377
- "to_ids": false,
378
- "value": "https://www.virustotal.com/file/cb7c0cf1750baaa11783e93369230ee666b9f3da7298e4d1bb9a07af6a439f2f/analysis/1510574305/",
379
- "object_relation": null,
380
- "type": "link"
381
- },
382
- {
383
- "comment": "SunOrcal - Xchecked via VT: 38ea33dab0ba2edd16ecd98cba161c550d1036b253c8666c4110d198948329fb",
384
- "category": "Payload delivery",
385
- "uuid": "5a0ed8bb-3f4c-411b-9507-4d1602de0b81",
386
- "timestamp": "1510922427",
387
- "to_ids": true,
388
- "value": "704886d56ded5817e39d7442b0203c2f76207f92",
389
- "object_relation": null,
390
- "type": "sha1"
391
- },
392
- {
393
- "comment": "SunOrcal - Xchecked via VT: 38ea33dab0ba2edd16ecd98cba161c550d1036b253c8666c4110d198948329fb",
394
- "category": "Payload delivery",
395
- "uuid": "5a0ed8bb-6f34-4e76-ba5b-45ae02de0b81",
396
- "timestamp": "1510922427",
397
- "to_ids": true,
398
- "value": "af6a25fc28e0560860c01d74854a2cba",
399
- "object_relation": null,
400
- "type": "md5"
401
- },
402
- {
403
- "comment": "SunOrcal - Xchecked via VT: 38ea33dab0ba2edd16ecd98cba161c550d1036b253c8666c4110d198948329fb",
404
- "category": "External analysis",
405
- "uuid": "5a0ed8bb-5b24-48ce-82c4-4e2b02de0b81",
406
- "timestamp": "1510922427",
407
- "to_ids": false,
408
- "value": "https://www.virustotal.com/file/38ea33dab0ba2edd16ecd98cba161c550d1036b253c8666c4110d198948329fb/analysis/1510574322/",
409
- "object_relation": null,
410
- "type": "link"
411
- },
412
- {
413
- "comment": "SunOrcal - Xchecked via VT: 58312fb742ce881e040e1b5b8555f00a402b8dd4fc886acaae2f862040b3bfc5",
414
- "category": "Payload delivery",
415
- "uuid": "5a0ed8bb-830c-472b-9d19-481002de0b81",
416
- "timestamp": "1510922427",
417
- "to_ids": true,
418
- "value": "9adbe92835ee2cc93e0d99b9d4536eb7727acf47",
419
- "object_relation": null,
420
- "type": "sha1"
421
- },
422
- {
423
- "comment": "SunOrcal - Xchecked via VT: 58312fb742ce881e040e1b5b8555f00a402b8dd4fc886acaae2f862040b3bfc5",
424
- "category": "Payload delivery",
425
- "uuid": "5a0ed8bb-b94c-4e75-a47d-488002de0b81",
426
- "timestamp": "1510922427",
427
- "to_ids": true,
428
- "value": "47cc3592bbf8c3b516ae74c95efb3344",
429
- "object_relation": null,
430
- "type": "md5"
431
- },
432
- {
433
- "comment": "SunOrcal - Xchecked via VT: 58312fb742ce881e040e1b5b8555f00a402b8dd4fc886acaae2f862040b3bfc5",
434
- "category": "External analysis",
435
- "uuid": "5a0ed8bb-8d8c-4b7a-a223-498e02de0b81",
436
- "timestamp": "1510922427",
437
- "to_ids": false,
438
- "value": "https://www.virustotal.com/file/58312fb742ce881e040e1b5b8555f00a402b8dd4fc886acaae2f862040b3bfc5/analysis/1510574347/",
439
- "object_relation": null,
440
- "type": "link"
441
- },
442
- {
443
- "comment": "SunOrcal - Xchecked via VT: 81d887fefdbb0219647991c2b7bddf45c2fede4dc6fc18408f1706e0279615b2",
444
- "category": "Payload delivery",
445
- "uuid": "5a0ed8bb-b9b0-40ac-a84f-4b6002de0b81",
446
- "timestamp": "1510922427",
447
- "to_ids": true,
448
- "value": "7fa8bfc051b98698e6b95cbc7163e4aa41880279",
449
- "object_relation": null,
450
- "type": "sha1"
451
- },
452
- {
453
- "comment": "SunOrcal - Xchecked via VT: 81d887fefdbb0219647991c2b7bddf45c2fede4dc6fc18408f1706e0279615b2",
454
- "category": "Payload delivery",
455
- "uuid": "5a0ed8bb-65e8-471f-9a66-4e3102de0b81",
456
- "timestamp": "1510922427",
457
- "to_ids": true,
458
- "value": "5eb3a846092cae378fcd45bdf5453536",
459
- "object_relation": null,
460
- "type": "md5"
461
- },
462
- {
463
- "comment": "SunOrcal - Xchecked via VT: 81d887fefdbb0219647991c2b7bddf45c2fede4dc6fc18408f1706e0279615b2",
464
- "category": "External analysis",
465
- "uuid": "5a0ed8bb-d7c0-4ed1-9bdc-497002de0b81",
466
- "timestamp": "1510922427",
467
- "to_ids": false,
468
- "value": "https://www.virustotal.com/file/81d887fefdbb0219647991c2b7bddf45c2fede4dc6fc18408f1706e0279615b2/analysis/1510574318/",
469
- "object_relation": null,
470
- "type": "link"
471
- },
472
- {
473
- "comment": "SunOrcal - Xchecked via VT: 799139b5278dc2ac24279cc6c3db44f4ef0ea78ee7b721b0ace38fd8018c51ac",
474
- "category": "Payload delivery",
475
- "uuid": "5a0ed8bb-a260-4d97-b3c8-43eb02de0b81",
476
- "timestamp": "1510922427",
477
- "to_ids": true,
478
- "value": "a6e538a01c366580e90e49249251b66dfe39c72f",
479
- "object_relation": null,
480
- "type": "sha1"
481
- },
482
- {
483
- "comment": "SunOrcal - Xchecked via VT: 799139b5278dc2ac24279cc6c3db44f4ef0ea78ee7b721b0ace38fd8018c51ac",
484
- "category": "Payload delivery",
485
- "uuid": "5a0ed8bb-61ec-48e1-8327-492b02de0b81",
486
- "timestamp": "1510922427",
487
- "to_ids": true,
488
- "value": "11a5b1901243396984670af7acc6cf72",
489
- "object_relation": null,
490
- "type": "md5"
491
- },
492
- {
493
- "comment": "SunOrcal - Xchecked via VT: 799139b5278dc2ac24279cc6c3db44f4ef0ea78ee7b721b0ace38fd8018c51ac",
494
- "category": "External analysis",
495
- "uuid": "5a0ed8bb-4f20-46d8-b762-4cf702de0b81",
496
- "timestamp": "1510922427",
497
- "to_ids": false,
498
- "value": "https://www.virustotal.com/file/799139b5278dc2ac24279cc6c3db44f4ef0ea78ee7b721b0ace38fd8018c51ac/analysis/1510574343/",
499
- "object_relation": null,
500
- "type": "link"
501
- },
502
- {
503
- "comment": "Reaver.v3 - Xchecked via VT: 1813f10bcf74beb582c824c64fff63cb150d178bef93af81d875ca84214307a1",
504
- "category": "Payload delivery",
505
- "uuid": "5a0ed8bb-b6ec-4b31-8078-4c9b02de0b81",
506
- "timestamp": "1510922427",
507
- "to_ids": true,
508
- "value": "03bc4181fb54af3151cab60406a01a44158e5277",
509
- "object_relation": null,
510
- "type": "sha1"
511
- },
512
- {
513
- "comment": "Reaver.v3 - Xchecked via VT: 1813f10bcf74beb582c824c64fff63cb150d178bef93af81d875ca84214307a1",
514
- "category": "Payload delivery",
515
- "uuid": "5a0ed8bb-67e0-45e3-86d3-4a9d02de0b81",
516
- "timestamp": "1510922427",
517
- "to_ids": true,
518
- "value": "17587683361d8458aebd9b8fdd07137a",
519
- "object_relation": null,
520
- "type": "md5"
521
- },
522
- {
523
- "comment": "Reaver.v3 - Xchecked via VT: 1813f10bcf74beb582c824c64fff63cb150d178bef93af81d875ca84214307a1",
524
- "category": "External analysis",
525
- "uuid": "5a0ed8bb-cfec-48d4-9919-49ab02de0b81",
526
- "timestamp": "1510922427",
527
- "to_ids": false,
528
- "value": "https://www.virustotal.com/file/1813f10bcf74beb582c824c64fff63cb150d178bef93af81d875ca84214307a1/analysis/1510849386/",
529
- "object_relation": null,
530
- "type": "link"
531
- },
532
- {
533
- "comment": "Reaver.v3 - Xchecked via VT: c906250e0a4c457663e37119ebe1efa1e4b97eef1d975f383ac3243f9f09908c",
534
- "category": "Payload delivery",
535
- "uuid": "5a0ed8bb-cb84-4739-a17e-456b02de0b81",
536
- "timestamp": "1510922427",
537
- "to_ids": true,
538
- "value": "b31160953ff19e6abf12fc8319420ab2e1c88e77",
539
- "object_relation": null,
540
- "type": "sha1"
541
- },
542
- {
543
- "comment": "Reaver.v3 - Xchecked via VT: c906250e0a4c457663e37119ebe1efa1e4b97eef1d975f383ac3243f9f09908c",
544
- "category": "Payload delivery",
545
- "uuid": "5a0ed8bb-8bd8-4a20-a99e-498b02de0b81",
546
- "timestamp": "1510922427",
547
- "to_ids": true,
548
- "value": "2d563bf83bddca1f24e8a0ffb951a7e9",
549
- "object_relation": null,
550
- "type": "md5"
551
- },
552
- {
553
- "comment": "Reaver.v3 - Xchecked via VT: c906250e0a4c457663e37119ebe1efa1e4b97eef1d975f383ac3243f9f09908c",
554
- "category": "External analysis",
555
- "uuid": "5a0ed8bb-c264-45c1-acf8-4ece02de0b81",
556
- "timestamp": "1510922427",
557
- "to_ids": false,
558
- "value": "https://www.virustotal.com/file/c906250e0a4c457663e37119ebe1efa1e4b97eef1d975f383ac3243f9f09908c/analysis/1510574300/",
559
- "object_relation": null,
560
- "type": "link"
561
- },
562
- {
563
- "comment": "Reaver.v3 - Xchecked via VT: 1fcda755e8fa23d27329e4bc0443a82e1c1e9a6c1691639db256a187365e4db1",
564
- "category": "Payload delivery",
565
- "uuid": "5a0ed8bb-bc04-47cf-8f7b-49cb02de0b81",
566
- "timestamp": "1510922427",
567
- "to_ids": true,
568
- "value": "172b4578cb50985b08c227360d9c9df2cf32117a",
569
- "object_relation": null,
570
- "type": "sha1"
571
- },
572
- {
573
- "comment": "Reaver.v3 - Xchecked via VT: 1fcda755e8fa23d27329e4bc0443a82e1c1e9a6c1691639db256a187365e4db1",
574
- "category": "Payload delivery",
575
- "uuid": "5a0ed8bb-9340-4443-b23e-4e1902de0b81",
576
- "timestamp": "1510922427",
577
- "to_ids": true,
578
- "value": "aab319d9715d38a37a10d82e87478dfc",
579
- "object_relation": null,
580
- "type": "md5"
581
- },
582
- {
583
- "comment": "Reaver.v3 - Xchecked via VT: 1fcda755e8fa23d27329e4bc0443a82e1c1e9a6c1691639db256a187365e4db1",
584
- "category": "External analysis",
585
- "uuid": "5a0ed8bb-b9c8-43aa-8797-462302de0b81",
586
- "timestamp": "1510922427",
587
- "to_ids": false,
588
- "value": "https://www.virustotal.com/file/1fcda755e8fa23d27329e4bc0443a82e1c1e9a6c1691639db256a187365e4db1/analysis/1510574331/",
589
- "object_relation": null,
590
- "type": "link"
591
- },
592
- {
593
- "comment": "Reaver.v3 - Xchecked via VT: ae9f158e4886cfdbfb4f1b3b25707d05f6fd873d0be9d8e7334a2c28741228ee",
594
- "category": "Payload delivery",
595
- "uuid": "5a0ed8bb-8a68-4f7a-adcb-46c302de0b81",
596
- "timestamp": "1510922427",
597
- "to_ids": true,
598
- "value": "d62f1f039d0be1d7b2a8ed122d97ee917dbc9ce8",
599
- "object_relation": null,
600
- "type": "sha1"
601
- },
602
- {
603
- "comment": "Reaver.v3 - Xchecked via VT: ae9f158e4886cfdbfb4f1b3b25707d05f6fd873d0be9d8e7334a2c28741228ee",
604
- "category": "Payload delivery",
605
- "uuid": "5a0ed8bb-dcf8-4fe9-bdee-484502de0b81",
606
- "timestamp": "1510922427",
607
- "to_ids": true,
608
- "value": "892350b2a44efd9fa1e7c88aec013818",
609
- "object_relation": null,
610
- "type": "md5"
611
- },
612
- {
613
- "comment": "Reaver.v3 - Xchecked via VT: ae9f158e4886cfdbfb4f1b3b25707d05f6fd873d0be9d8e7334a2c28741228ee",
614
- "category": "External analysis",
615
- "uuid": "5a0ed8bb-23d8-4bbe-b367-4fae02de0b81",
616
- "timestamp": "1510922427",
617
- "to_ids": false,
618
- "value": "https://www.virustotal.com/file/ae9f158e4886cfdbfb4f1b3b25707d05f6fd873d0be9d8e7334a2c28741228ee/analysis/1510574327/",
619
- "object_relation": null,
620
- "type": "link"
621
- },
622
- {
623
- "comment": "Reaver.v3 - Xchecked via VT: 9213f70bce491991c4cbbbd7dc3e67d3a3d535b965d7064973b35c50f265e59b",
624
- "category": "Payload delivery",
625
- "uuid": "5a0ed8bb-d850-43f6-aa30-4f5702de0b81",
626
- "timestamp": "1510922427",
627
- "to_ids": true,
628
- "value": "e96be5b542d100913a5bca0f02fb094d6f3ad85b",
629
- "object_relation": null,
630
- "type": "sha1"
631
- },
632
- {
633
- "comment": "Reaver.v3 - Xchecked via VT: 9213f70bce491991c4cbbbd7dc3e67d3a3d535b965d7064973b35c50f265e59b",
634
- "category": "Payload delivery",
635
- "uuid": "5a0ed8bb-3ae4-4f3e-b592-474002de0b81",
636
- "timestamp": "1510922427",
637
- "to_ids": true,
638
- "value": "dd7edadd019bc120978a4dad284fbea6",
639
- "object_relation": null,
640
- "type": "md5"
641
- },
642
- {
643
- "comment": "Reaver.v3 - Xchecked via VT: 9213f70bce491991c4cbbbd7dc3e67d3a3d535b965d7064973b35c50f265e59b",
644
- "category": "External analysis",
645
- "uuid": "5a0ed8bb-c9a4-4669-a3ba-47e002de0b81",
646
- "timestamp": "1510922427",
647
- "to_ids": false,
648
- "value": "https://www.virustotal.com/file/9213f70bce491991c4cbbbd7dc3e67d3a3d535b965d7064973b35c50f265e59b/analysis/1510574335/",
649
- "object_relation": null,
650
- "type": "link"
651
- },
652
- {
653
- "comment": "Reaver.v3 - Xchecked via VT: c0f8bb77284b96e07cab1c3fab8800b1bbd030720c74628c4ee5666694ef903d",
654
- "category": "Payload delivery",
655
- "uuid": "5a0ed8bb-e764-4ad4-8cdb-438902de0b81",
656
- "timestamp": "1510922427",
657
- "to_ids": true,
658
- "value": "cbde40a234bff8870f8746eca969c364da7f4aec",
659
- "object_relation": null,
660
- "type": "sha1"
661
- },
662
- {
663
- "comment": "Reaver.v3 - Xchecked via VT: c0f8bb77284b96e07cab1c3fab8800b1bbd030720c74628c4ee5666694ef903d",
664
- "category": "Payload delivery",
665
- "uuid": "5a0ed8bb-02e0-4eb5-9e34-41e602de0b81",
666
- "timestamp": "1510922427",
667
- "to_ids": true,
668
- "value": "ae185e9c43bb1498a3c653a0886896e3",
669
- "object_relation": null,
670
- "type": "md5"
671
- },
672
- {
673
- "comment": "Reaver.v3 - Xchecked via VT: c0f8bb77284b96e07cab1c3fab8800b1bbd030720c74628c4ee5666694ef903d",
674
- "category": "External analysis",
675
- "uuid": "5a0ed8bb-586c-4a4d-aa3b-4f7c02de0b81",
676
- "timestamp": "1510922427",
677
- "to_ids": false,
678
- "value": "https://www.virustotal.com/file/c0f8bb77284b96e07cab1c3fab8800b1bbd030720c74628c4ee5666694ef903d/analysis/1510921773/",
679
- "object_relation": null,
680
- "type": "link"
681
- },
682
- {
683
- "comment": "Reaver.v3 - Xchecked via VT: 18ac3b14300ecfeed4b64a844c16dccb06b0e3513d0954d6c6182f2ea14e4c92",
684
- "category": "Payload delivery",
685
- "uuid": "5a0ed8bc-ba8c-4160-8374-4dba02de0b81",
686
- "timestamp": "1510922428",
687
- "to_ids": true,
688
- "value": "5c6b231111239c0625dc9ff4359d1b8553159ecc",
689
- "object_relation": null,
690
- "type": "sha1"
691
- },
692
- {
693
- "comment": "Reaver.v3 - Xchecked via VT: 18ac3b14300ecfeed4b64a844c16dccb06b0e3513d0954d6c6182f2ea14e4c92",
694
- "category": "Payload delivery",
695
- "uuid": "5a0ed8bc-eff4-4d36-947a-424c02de0b81",
696
- "timestamp": "1510922428",
697
- "to_ids": true,
698
- "value": "c629f8f3206e5a6de83b4c996a2bacfb",
699
- "object_relation": null,
700
- "type": "md5"
701
- },
702
- {
703
- "comment": "Reaver.v3 - Xchecked via VT: 18ac3b14300ecfeed4b64a844c16dccb06b0e3513d0954d6c6182f2ea14e4c92",
704
- "category": "External analysis",
705
- "uuid": "5a0ed8bc-60d8-4f2e-aa79-4d6f02de0b81",
706
- "timestamp": "1510922428",
707
- "to_ids": false,
708
- "value": "https://www.virustotal.com/file/18ac3b14300ecfeed4b64a844c16dccb06b0e3513d0954d6c6182f2ea14e4c92/analysis/1510610402/",
709
- "object_relation": null,
710
- "type": "link"
711
- },
712
- {
713
- "comment": "Reaver.v2 - Xchecked via VT: 98eb5465c6330b9b49df2e7c9ad0b1164aa5b35423d9e80495a178eb510cdc1c",
714
- "category": "Payload delivery",
715
- "uuid": "5a0ed8bc-0124-4bd3-9049-4e6b02de0b81",
716
- "timestamp": "1510922428",
717
- "to_ids": true,
718
- "value": "c05d15fc94d096a821f2c689a29dff7679ce087a",
719
- "object_relation": null,
720
- "type": "sha1"
721
- },
722
- {
723
- "comment": "Reaver.v2 - Xchecked via VT: 98eb5465c6330b9b49df2e7c9ad0b1164aa5b35423d9e80495a178eb510cdc1c",
724
- "category": "Payload delivery",
725
- "uuid": "5a0ed8bc-c04c-49c4-9d39-464802de0b81",
726
- "timestamp": "1510922428",
727
- "to_ids": true,
728
- "value": "dadf3d3dd411bc02d7c05ee3a18259ea",
729
- "object_relation": null,
730
- "type": "md5"
731
- },
732
- {
733
- "comment": "Reaver.v2 - Xchecked via VT: 98eb5465c6330b9b49df2e7c9ad0b1164aa5b35423d9e80495a178eb510cdc1c",
734
- "category": "External analysis",
735
- "uuid": "5a0ed8bc-37cc-47c1-bdcd-454e02de0b81",
736
- "timestamp": "1510922428",
737
- "to_ids": false,
738
- "value": "https://www.virustotal.com/file/98eb5465c6330b9b49df2e7c9ad0b1164aa5b35423d9e80495a178eb510cdc1c/analysis/1510823791/",
739
- "object_relation": null,
740
- "type": "link"
741
- },
742
- {
743
- "comment": "Reaver.v1 - Xchecked via VT: d560f44188fb56d3abb11d9508e1167329470de19b811163eb1167534722e666",
744
- "category": "Payload delivery",
745
- "uuid": "5a0ed8bc-4014-447e-8efc-450702de0b81",
746
- "timestamp": "1510922428",
747
- "to_ids": true,
748
- "value": "0cea48067ddbc9227363168013142f6f3a5dea9f",
749
- "object_relation": null,
750
- "type": "sha1"
751
- },
752
- {
753
- "comment": "Reaver.v1 - Xchecked via VT: d560f44188fb56d3abb11d9508e1167329470de19b811163eb1167534722e666",
754
- "category": "Payload delivery",
755
- "uuid": "5a0ed8bc-5768-4c26-85a2-47b902de0b81",
756
- "timestamp": "1510922428",
757
- "to_ids": true,
758
- "value": "9f289cce6f95949450e3f4c96a187f5d",
759
- "object_relation": null,
760
- "type": "md5"
761
- },
762
- {
763
- "comment": "Reaver.v1 - Xchecked via VT: d560f44188fb56d3abb11d9508e1167329470de19b811163eb1167534722e666",
764
- "category": "External analysis",
765
- "uuid": "5a0ed8bc-a7a0-499f-bd08-48bb02de0b81",
766
- "timestamp": "1510922428",
767
- "to_ids": false,
768
- "value": "https://www.virustotal.com/file/d560f44188fb56d3abb11d9508e1167329470de19b811163eb1167534722e666/analysis/1510823685/",
769
- "object_relation": null,
770
- "type": "link"
771
- }
772
- ],
773
- "Tag": [
774
- {
775
- "colour": "#004646",
776
- "exportable": true,
777
- "name": "type:OSINT"
778
- },
779
- {
780
- "colour": "#ffffff",
781
- "exportable": true,
782
- "name": "tlp:white"
783
- },
784
- {
785
- "colour": "#3c7700",
786
- "exportable": true,
787
- "name": "circl:incident-classification=\"malware\""
788
- },
789
- {
790
- "colour": "#00223b",
791
- "exportable": true,
792
- "name": "osint:source-type=\"blog-post\""
793
- }
794
- ],
795
- "published": true,
796
- "date": "2017-11-10",
797
- "Orgc": {
798
- "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f",
799
- "name": "CIRCL"
800
- },
801
- "threat_level_id": "3",
802
- "uuid": "5a0a9aa9-23a4-4607-b6df-41a9950d210f"
803
- }
804
- }